Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 18 Feb 1998 18:03:09 -0500 (EST)
From:      Michael Graffam <phundie@mhv.net>
To:        Benedikt Stockebrand <benedikt@devnull.ruhr.de>
Cc:        questions@FreeBSD.ORG, isp@FreeBSD.ORG
Subject:   Re: Books on security
Message-ID:  <Pine.LNX.3.96.980218175056.11414A-100000@localhost>
In-Reply-To: <873ehh41z3.fsf@devnull.ruhr.de>

next in thread | previous in thread | raw e-mail | index | archive | help
On 18 Feb 1998, Benedikt Stockebrand wrote:
> Actually, that can be a "big deal" if IP spoofing is a serious
> problem.

Yeah, I concede that spoofing is a problem with this method.. 

> If you need some virtual network with some machines in Peru you
> probably should consider using some crypto tunnel.

Yeah, tunneling through ssh would be my first choice, but this isn't
always possible.

> S/key is vulnerable to session hijacking, so ssh may be a better
> choice.  If you use rdist, ssh has the additional advantage that it
> allows root to do run it while plain rsh won't.

No, I don't run rdist. I do run ssh though, and when I am at a machine
that can do ssh, I use it. I do need to access my system through 
machines that can't do ssh though, and for this s/key is the next
best choice. I certainly prefer encrypted sessions, but until someone
makes, and my access points purchase a terminal server that does ssh,
I'm stuck with cleartext telnet.. hijacking my connection wouldn't
do too much good though. When on a connection like this I only log in
to a non-privy account. About the only thing they could do is read my
mail, and send mail as me. I don't consider this a big deal since anyone
can do that already by hacking my ISP (really bad security). They can't
even deny me my mail since it is all forwarded from my normal account..
I'd still have backups.. and I PGP sign all mail that I send when I
am using a secure channel, so sure.. they can get me, but they can't
do much, and being able to check my mail during the day and get to
a few files here and there greatly outweighs the security risk.

Michael J. Graffam (mgraffam@mhv.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
"..subordination of one sex to the other is wrong in itself, and now
one of the chief hindrances to human improvement.." John Stuart Mill
"The Subjection of Women"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.96.980218175056.11414A-100000>